ss_whitelist V1.0

[update] ss_whitelist 完善IPV6支持 [update] 重复添加时内容包含请求头（没什么用，排查问题时加上的） [fix] 修复日志文件不会输出至 stderr 的问题 [fix] IPV6监听配置错误
2022-06-18 00:44:48 +08:00 · 2022-06-18 00:44:48 +08:00 · e05be2133a
parent 9fad566653
commit e05be2133a
2 changed files with 41 additions and 12 deletions
--- a/ss_whitelist/config/nginx.conf
+++ b/ss_whitelist/config/nginx.conf
@ -5,7 +5,7 @@ worker_rlimit_nofile 655350;

 pcre_jit on;

-error_log  logs/error.log;
+#error_log  logs/error.log;
 pid        logs/nginx.pid;


@ -36,8 +36,10 @@ stream {
    }

    server {
-        listen [::]:7777;
-        listen [::]:7777 udp;
+        listen 7777;
+        listen 7777 udp;
+        listen [::]:7777 ipv6only=on;
+        listen [::]:7777 udp ipv6only=on;
        include allow.list;
        deny all;
        proxy_pass ss;
@ -81,25 +83,28 @@ http {
    error_page 500 502 503 504 /50x.html;

    server{
-        listen [::]:80;
+        listen 80;
+        listen [::]:80 ipv6only=on;
        location / {
            auth_basic "";
            auth_basic_user_file /etc/openresty/auth;
            add_header Content-Type text/plain;
-            real_ip_header proxy_protocol;
-            set_real_ip_from 0.0.0.0/8;
-            proxy_set_header X-Real-IP       $proxy_protocol_addr;
-            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+            proxy_set_header   X-Real-IP        $remote_addr;
+            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            content_by_lua_block {
-                clientIP=ngx.var.remote_addr;
-                ngx.header.content_type = "text/plain;charset=UTF-8";
+                clientIP=ngx.var.remote_addr
+                headers=ngx.req.get_headers()
+                ngx.header.content_type = "text/plain;charset=UTF-8"
                file = io.open("/etc/openresty/allow.list","a+")
                io.input(file)
                io.output(file)
                for line in file:lines() do
                    if string.find(line,clientIP) then
                        m = string.find(line,clientIP)
-                        ngx.print("当前IP:"..clientIP.."已存在，无需添加")
+                        ngx.print("当前IP:"..clientIP.."已存在，无需添加\n\n")
+                        for k, v in pairs(headers) do
+                           ngx.print(k..":"..v.."\n")
+                        end
                    end
                end
                if m == nil then
--- a/ss_whitelist/docker-compose.yml
+++ b/ss_whitelist/docker-compose.yml
@ -1,5 +1,15 @@
 version: "3.9"
 services:
+  ipv6nat:
+    image: robbertkl/ipv6nat
+    container_name: ipv6nat
+    restart: unless-stopped
+    network_mode: host
+    privileged: true
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /lib/modules:/lib/modules:ro
+
  shadowsocks:
    image: shadowsocks/shadowsocks-libev:latest
    expose:
@ -8,9 +18,16 @@ services:
    environment:
      - METHOD=chacha20-ietf-poly1305
      - PASSWORD=96166477-95b6-41a1-92c5-e33bce9694b0
+#      - SERVER_ADDR=0.0.0.0
+#      - SERVER_ADDR=::0  # no use for listen ipv6 (may be no env actually but in doc)
+      - DNS_ADDRS=2001:4860:4860::8888,2001:4860:4860::8844,8.8.8.8,1.1.1.1
+      - ARGS= -s ::0
    restart: always
    networks:
      - backend
+    depends_on:
+      - ipv6nat
+
  openresty:
    image: openresty/openresty:latest
    ports:
@ -26,6 +43,13 @@ services:
    networks:
      - backend
    depends_on:
+      - ipv6nat
      - shadowsocks
 networks:
  backend:
+    enable_ipv6: true
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: fd00:cafe:face::/48